openssl: drop includes unused or duplicate

Also: - vquic-tls.h: do not include unused headers for non-H3 builds. - autotools: stop looking for `openssl/x509.h` header. - cmp-config.pl: delete exception for `openssl/x509.h`. - examples: format/comment sync between the two touched files. - openssl: drop unused `curlx/wait.h` include. Closes #20049
2026-04-11 12:01:42 +08:00 · 2025-12-20 12:38:19 +01:00 · 2025-12-20 12:38:19 +01:00 · a468e605eb
commit a468e605eb
parent 43baf7a426
9 changed files with 11 additions and 19 deletions
--- a/.github/scripts/cmp-config.pl
+++ b/.github/scripts/cmp-config.pl
@ -68,7 +68,6 @@ my %remove = (
    '#define HAVE_OPENSSL_PEM_H 1' => 1,
    '#define HAVE_OPENSSL_RSA_H 1' => 1,
    '#define HAVE_OPENSSL_SSL_H 1' => 1,
-    '#define HAVE_OPENSSL_X509_H 1' => 1,
    '#define HAVE_QUICHE_H 1' => 1,
    '#define HAVE_SSL_SET_QUIC_TLS_CBS 1' => 1,
    '#define HAVE_SSL_SET_QUIC_USE_LEGACY_CODEPOINT 1' => 1,
--- a/docs/examples/cacertinmem.c
+++ b/docs/examples/cacertinmem.c
@ -28,7 +28,6 @@

 /* Requires: USE_OPENSSL */

-#include <openssl/err.h>
 #include <openssl/ssl.h>

 #include <stdio.h>
--- a/docs/examples/usercertinmem.c
+++ b/docs/examples/usercertinmem.c
@ -38,9 +38,9 @@
 #endif

 #include <openssl/ssl.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
+
 #include <curl/curl.h>
+
 #include <stdio.h>

 #if defined(__GNUC__) || defined(__clang__)
@ -189,7 +189,7 @@ int main(void)
    else
      printf("*** transfer failed ***\n");

-    /* second try: retrieve page using user certificate and key -> succeeds
+    /* second try: retrieve page using user certificate and key -> succeeds to
     * load the certificate and key by installing a function doing
     * the necessary "modifications" to the SSL CONTEXT just before link init
     */
--- a/lib/vquic/vquic-tls.h
+++ b/lib/vquic/vquic-tls.h
@ -25,14 +25,15 @@
 ***************************************************************************/

 #include "../curl_setup.h"
-#include "../bufq.h"
-#include "../vtls/vtls.h"
-#include "../vtls/vtls_int.h"
-#include "../vtls/openssl.h"

 #if defined(USE_HTTP3) && \
  (defined(USE_OPENSSL) || defined(USE_GNUTLS) || defined(USE_WOLFSSL))

+#include "../bufq.h"
+#include "../vtls/vtls.h"
+#include "../vtls/vtls_int.h"
+
+#include "../vtls/openssl.h"
 #include "../vtls/wolfssl.h"

 struct ssl_peer;
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@ -52,7 +52,6 @@
 #include "../connect.h"
 #include "../progress.h"
 #include "../select.h"
-#include "../curlx/wait.h"
 #include "vtls.h"
 #include "vtls_int.h"
 #include "vtls_scache.h"
@ -66,7 +65,6 @@
 #include "../strdup.h"
 #include "apple.h"

-#include <openssl/ssl.h>
 #include <openssl/rand.h>
 #include <openssl/x509v3.h>
 #ifndef OPENSSL_NO_DSA
@ -74,12 +72,10 @@
 #endif
 #include <openssl/dh.h>
 #include <openssl/err.h>
-#include <openssl/md5.h>
 #include <openssl/conf.h>
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 #include <openssl/bio.h>
-#include <openssl/buffer.h>
 #include <openssl/pkcs12.h>
 #include <openssl/tls1.h>
 #include <openssl/evp.h>
--- a/lib/vtls/schannel.h
+++ b/lib/vtls/schannel.h
@ -58,7 +58,7 @@
 /* <wincrypt.h> has been included via the above <schnlsp.h>.
 * Or in case of ldap.c, it was included via <winldap.h>.
 * And since <wincrypt.h> has this:
- *   #define X509_NAME  ((LPCSTR) 7)
+ *   #define X509_NAME  ((LPCSTR)7)
 *
 * And in BoringSSL's <openssl/base.h> there is:
 *  typedef struct X509_name_st X509_NAME;
--- a/m4/curl-amissl.m4
+++ b/m4/curl-amissl.m4
@ -52,8 +52,7 @@ if test "$HAVE_PROTO_BSDSOCKET_H" = "1"; then
      CURL_NETWORK_AND_TIME_LIBS="-lamisslstubs -lamisslauto $CURL_NETWORK_AND_TIME_LIBS"
      AC_DEFINE(USE_AMISSL, 1, [if AmiSSL is in use])
      AC_DEFINE(USE_OPENSSL, 1, [if OpenSSL is in use])
-      AC_CHECK_HEADERS(openssl/x509.h openssl/rsa.h openssl/crypto.h \
-                       openssl/pem.h openssl/ssl.h openssl/err.h)
+      AC_CHECK_HEADERS(openssl/rsa.h openssl/crypto.h openssl/pem.h openssl/ssl.h openssl/err.h)
    ],[
      AC_MSG_RESULT([no])
    ])
--- a/m4/curl-openssl.m4
+++ b/m4/curl-openssl.m4
@ -211,8 +211,7 @@ if test "x$OPT_OPENSSL" != "xno"; then

    if test "$ac_cv_lib_ssl_SSL_connect" = "yes"; then
      dnl Have the libraries--check for OpenSSL headers
-      AC_CHECK_HEADERS(openssl/x509.h openssl/rsa.h openssl/crypto.h \
-                       openssl/pem.h openssl/ssl.h openssl/err.h,
+      AC_CHECK_HEADERS(openssl/rsa.h openssl/crypto.h openssl/pem.h openssl/ssl.h openssl/err.h,
        ssl_msg="OpenSSL"
        test "openssl" != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
        OPENSSL_ENABLED=1
--- a/tests/libtest/lib758.c
+++ b/tests/libtest/lib758.c
@ -34,7 +34,6 @@

 #ifdef USE_OPENSSL

-#include <openssl/x509.h>
 #include <openssl/ssl.h>

 #if OPENSSL_VERSION_NUMBER >= 0x30000000L